Browse CVEs
225 CVEs analyzed. 582 pending.
Docker Desktop for Windows installer has permission assignment vulnerabilities allowing low-privileged attackers to gain code execution. Attackers can...
Feb 4, 2026

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into pages using the Happy...
Feb 3, 2026

The Mail Mint WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.19.2, allowing unauthenticated attackers to ...
Feb 3, 2026

A cross-site request forgery (CSRF) vulnerability exists in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers. Attackers can trick authenticate...
Feb 3, 2026

This vulnerability allows attackers to calculate initial administrative passwords for affected ELECOM wireless routers using publicly available system...
Feb 3, 2026

The Spectra Gutenberg Blocks plugin for WordPress has an information disclosure vulnerability that allows unauthenticated attackers to read excerpts f...
Feb 3, 2026

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into web pages via the Bor...
Feb 3, 2026

The WP ULike WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access o...
Feb 3, 2026

Signal K Server versions prior to 2.20.3 on Windows systems contain a path traversal vulnerability in the applicationData API. Authenticated users can...
Feb 2, 2026

A stored cross-site scripting (XSS) vulnerability exists in Talishar's in-game chat system where the playerID parameter in SubmitChat.php is saved wit...
Feb 2, 2026

This reflected XSS vulnerability in FacturaScripts allows attackers to inject malicious scripts into error messages that get executed in users' browse...
Feb 2, 2026

This CSRF vulnerability in Tuleap allows attackers to trick authenticated users into performing unauthorized actions, specifically creating artifact l...
Feb 2, 2026

A heap overflow vulnerability in Rizin allows attackers to execute arbitrary code or cause denial of service by tricking users into analyzing maliciou...
Feb 2, 2026

This vulnerability in Amazon SageMaker Python SDK disables TLS certificate verification when importing Triton Python models, allowing HTTPS connection...
Feb 2, 2026

This XSS vulnerability in MediaWiki's ApiSandbox.js allows attackers to inject malicious scripts into web pages viewed by other users. It affects Medi...
Feb 2, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's MultimediaViewer component. Attackers can inject malicious scr...
Feb 2, 2026

Multiple reflected cross-site scripting (XSS) vulnerabilities in Subrion CMS v4.2.1 installation module allow attackers to inject malicious JavaScript...
Feb 2, 2026

A stored cross-site scripting vulnerability in Tendenci CMS allows attackers to inject malicious scripts into the Jobs module. When users view affecte...
Feb 2, 2026

A stored cross-site scripting (XSS) vulnerability in Tendenci CMS v15.3.7 allows attackers to inject malicious scripts into forum posts that execute w...
Feb 2, 2026

This CVE describes an access control vulnerability in IBM Jazz Foundation that allows authenticated users to perform actions or view data beyond their...
Feb 2, 2026

An unauthenticated attacker on the same Controller Area Network (CAN) bus can disrupt operations by rapidly switching between configuration presets. T...
Feb 2, 2026

This vulnerability allows an unauthenticated attacker on the same network segment to disrupt operations by switching between multiple configuration pr...
Feb 2, 2026

This HTTP request smuggling vulnerability in SoupServer allows remote attackers to send specially crafted requests that bypass normal request processi...
Feb 2, 2026

A memory leak vulnerability in xmllint's interactive shell allows local denial-of-service attacks. When users input only whitespace, the program fails...
Feb 2, 2026

The SimpleDirectoryReader component in llama_index.core versions before 0.12.41 has a memory management flaw where it loads all files from a directory...
Feb 2, 2026

This vulnerability in LibreChat allows attackers to exploit an unrestricted fork function to create numerous content forks containing large Mermaid gr...
Feb 2, 2026

This CVE describes an out-of-bounds write vulnerability in the imgsys component due to missing bounds checks. It allows local privilege escalation fro...
Feb 2, 2026

This CVE describes a use-after-free vulnerability in the imgsys component that allows local privilege escalation. An attacker who already has System p...
Feb 2, 2026

This vulnerability in the imgsys component allows memory corruption due to improper locking. It enables local denial of service attacks when exploited...
Feb 2, 2026

This CVE describes an out-of-bounds write vulnerability in PCIe drivers that could allow local privilege escalation. Attackers with initial System pri...
Feb 2, 2026

This CVE describes an out-of-bounds write vulnerability in imgsys (likely MediaTek image processing subsystem) that allows local privilege escalation....
Feb 2, 2026

A cross-site scripting vulnerability in the email function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary user...
Feb 2, 2026

A cross-site scripting vulnerability in the Message function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary us...
Feb 2, 2026

An improper input verification vulnerability in Cybozu Garoon allows attackers to modify portal settings without proper authorization. This could bloc...
Feb 2, 2026

The Five Star Restaurant Reservations WordPress plugin before version 2.7.9 lacks CSRF protection on some bulk actions, allowing attackers to trick lo...
Feb 2, 2026

This SQL injection vulnerability in JeecgBoot 3.9.0 allows remote attackers to execute arbitrary SQL commands through the Online Report API's loadDict...
Feb 2, 2026

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against the Medical Certificate Generator App 1.0, enabling u...
Feb 2, 2026

This CVE describes a backdoor vulnerability in the EFM ipTIME A8004T router's debug interface. Attackers can remotely manipulate the 'cmd' parameter t...
Feb 2, 2026

This vulnerability allows remote attackers to upload arbitrary files to the EFM ipTIME A8004T router via the VPN service component. Attackers can expl...
Feb 2, 2026

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the CreateBearerRequest handler, potentially causing denial ...
Feb 2, 2026

CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote attackers to cause denial of service by manipulating...
Feb 2, 2026

A null pointer dereference vulnerability in Free5GC's Policy Control Function (PCF) allows remote attackers to cause denial of service by crashing the...
Feb 2, 2026

This CVE describes a command injection vulnerability in Yealink MeetingBar A30's Diagnostic Handler component. Attackers with physical access to the d...
Feb 2, 2026

A reachable assertion vulnerability in Open5GS SGWC component allows remote attackers to cause denial of service by sending specially crafted requests...
Feb 2, 2026

This vulnerability allows unauthorized remote access to the crontab endpoint in Zhong Bang CRMEB versions up to 5.6.3. Attackers can exploit this miss...
Feb 2, 2026

This CVE describes an improper authorization vulnerability in Zhong Bang CRMEB's store integration API endpoint. Attackers can manipulate the order_id...
Feb 1, 2026

QWE DL 2.0.1 mobile web application has a persistent cross-site scripting (XSS) vulnerability in path parameters that allows attackers to inject malic...
Feb 1, 2026

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting (XSS) vulnerability in the name parameter. Attackers can inject malicious scr...
Feb 1, 2026

BootCommerce 3.2.1 contains persistent cross-site scripting (XSS) vulnerabilities in guest order checkout input fields. Attackers can inject malicious...
Feb 1, 2026

CVE-2022-50942 is a client-side cross-site scripting vulnerability in Icinga Web 2.8.2 that allows attackers to inject malicious scripts through the i...
Feb 1, 2026